/// <summary>
/// 禁用用户权限(优先级高于角色权限)
/// </summary>
/// <param name="input"></param>
/// <returns></returns>
public async Task ProhibitPermission(ProhibitPermissionInput input)
{
var user = await UserManager.GetUserByIdAsync(input.UserId);
var permission = _permissionManager.GetPermission(input.PermissionName);
await UserManager.ProhibitPermissionAsync(user, permission);
}
/// <summary>
/// Check whether a user is granted for a permission.
/// </summary>
/// <param name="userId">User id</param>
/// <param name="permissionName">Permission name</param>
public virtual async Task <bool> IsGrantedAsync(long userId, string permissionName)
{
return(await IsGrantedAsync(
userId,
_permissionManager.GetPermission(permissionName)
));
}
public async Task Should_Check_IsGranted_Correctly_When_Logged_In_As_Host_Then_Switched_To_Tenant()
{
Resolve <IMultiTenancyConfig>().IsEnabled = true;
var defaultTenantId = 1;
var user = UsingDbContext(defaultTenantId, context =>
{
return(context.Users.Single(f => f.TenantId == defaultTenantId && f.UserName == AbpUserBase.AdminUserName));
});
await _userManager.GrantPermissionAsync(user, _permissionManager.GetPermission(AppPermissions.TestPermission));
var isGranted = await _permissionChecker.IsGrantedAsync(user.ToUserIdentifier(), AppPermissions.TestPermission);
isGranted.ShouldBe(true);
// Simulate background jobs
LoginAsHostAdmin();
using (var uow = _unitOfWorkManager.Begin())
{
using (_unitOfWorkManager.Current.SetTenantId(user.TenantId))
{
isGranted = await _permissionChecker.IsGrantedAsync(user.ToUserIdentifier(), AppPermissions.TestPermission);
isGranted.ShouldBe(true);
}
}
}
public async Task Static_Roles_Can_Have_Default_Granted_Permissions()
{
await CreateTestStaticRoles();
var tenant = GetTenant("Tenant1");
AbpSession.TenantId = tenant.Id;
var adminRole = await RoleManager.GetRoleByNameAsync("admin");
var supporterRole = await RoleManager.GetRoleByNameAsync("supporter");
//Default granted permissions
(await RoleManager.IsGrantedAsync(adminRole.Id, "Permission1")).ShouldBe(true);
(await RoleManager.IsGrantedAsync(adminRole.Id, "Permission2")).ShouldBe(true);
(await RoleManager.IsGrantedAsync(adminRole.Id, "Permission3")).ShouldBe(true);
(await RoleManager.IsGrantedAsync(adminRole.Id, "Permission4")).ShouldBe(true);
(await RoleManager.IsGrantedAsync(supporterRole.Id, "Permission1")).ShouldBe(true);
(await RoleManager.IsGrantedAsync(supporterRole.Id, "Permission2")).ShouldBe(true);
(await RoleManager.IsGrantedAsync(supporterRole.Id, "Permission3")).ShouldBe(false);
(await RoleManager.IsGrantedAsync(supporterRole.Id, "Permission4")).ShouldBe(false);
//Grant new permission that is not granted by default
await RoleManager.GrantPermissionAsync(supporterRole, _permissionManager.GetPermission("Permission3"));
(await RoleManager.IsGrantedAsync(supporterRole.Id, "Permission3")).ShouldBe(true);
//Prohibit a permission that is granted by default
await RoleManager.ProhibitPermissionAsync(supporterRole, _permissionManager.GetPermission("Permission1"));
(await RoleManager.IsGrantedAsync(supporterRole.Id, "Permission1")).ShouldBe(false);
}
public async Task ProhibitPermission(ProhibitPermissionInput input)
{
var user = await this._userManager.GetUserByIdAsync(input.UserId).ConfigureAwait(false);
var permission = _permissionManager.GetPermission(input.PermissionName);
await this._userManager.ProhibitPermissionAsync(user, permission).ConfigureAwait(true);
}
//It could be better to provide cache mechanism
public bool IsGranted(int roleId, string permissionName)
{
var rolePermission =
_rolePermissionRepository.FirstOrDefault(x => x.RoleId == roleId && x.PermissionName == permissionName);
if (rolePermission != null)
{
return(rolePermission.IsGranted);
}
return(_permissionManager.GetPermission(permissionName).Default);
}
/// <summary>
/// 禁止权限
/// </summary>
/// <param name="input">输入模型</param>
/// <returns></returns>
public async Task ProhibitPermission(ProhibitPermissionInput input)
{
//根据Id,获取用户信息
var user = await UserManager.GetUserByIdAsync(input.UserId);
//根据权限名称,获取权限信息
var permission = _permissionManager.GetPermission(input.PermissionName);
//禁止指定用户的权限
await UserManager.ProhibitPermissionAsync(user, permission);
}
public async Task PermissionTests()
{
var role1 = await CreateRole("Role1");
(await _roleManager.HasPermissionAsync(role1, _permissionManager.GetPermission("Permission1"))).ShouldBe(false);
(await _roleManager.HasPermissionAsync(role1, _permissionManager.GetPermission("Permission3"))).ShouldBe(true);
await GrantPermission(role1, "Permission1");
await ProhibitPermission(role1, "Permission1");
await ProhibitPermission(role1, "Permission3");
await GrantPermission(role1, "Permission3");
await GrantPermission(role1, "Permission1");
await ProhibitPermission(role1, "Permission3");
var grantedPermissions = await _roleManager.GetGrantedPermissionsAsync(role1);
grantedPermissions.Count.ShouldBe(2);
grantedPermissions.ShouldContain(p => p.Name == "Permission1");
grantedPermissions.ShouldContain(p => p.Name == "Permission4");
var newPermissionList = new List <Permission>
{
_permissionManager.GetPermission("Permission1"),
_permissionManager.GetPermission("Permission2"),
_permissionManager.GetPermission("Permission3")
};
await _roleManager.SetGrantedPermissionsAsync(role1, newPermissionList);
grantedPermissions = await _roleManager.GetGrantedPermissionsAsync(role1);
grantedPermissions.Count.ShouldBe(3);
grantedPermissions.ShouldContain(p => p.Name == "Permission1");
grantedPermissions.ShouldContain(p => p.Name == "Permission2");
grantedPermissions.ShouldContain(p => p.Name == "Permission3");
}
/// <summary>
/// 判断某用户是否有某权限
/// </summary>
/// <param name="userId"></param>
/// <param name="permissionName"></param>
/// <returns></returns>
public virtual async Task <bool> IsGrantedAsync(long userId, string permissionName)
{
//如果此权限是一个资源按钮,需要检查此按钮是否启用以及是否需要权限
var button = await Resolve <IModuleInfoManager>().FindButtonByPermissionName(permissionName);
if (button != null)
{
//未启用的资源的判断全部为false
if (!button.IsEnabled)
{
return(false);
}
//已启用的资源若不需要权限,则判定为true
else if (!button.RequirePermission)
{
return(true);
}
}
return(await IsGrantedAsync(
userId,
_permissionManager.GetPermission(permissionName)
));
}
/// <summary>
/// Checks if a role is granted for a permission.
/// </summary>
/// <param name="roleName">The role's name to check it's permission</param>
/// <param name="permissionName">Name of the permission</param>
/// <returns>True, if the role has the permission</returns>
public virtual async Task <bool> IsGrantedAsync(string roleName, string permissionName)
{
return(await IsGrantedAsync((await GetRoleByNameAsync(roleName)).Id, _permissionManager.GetPermission(permissionName)));
}
/// <summary>
/// Checks if a role has a permission.
/// </summary>
/// <param name="roleName">The role's name to check it's permission</param>
/// <param name="permissionName">Name of the permission</param>
/// <returns>True, if the role has the permission</returns>
public virtual async Task <bool> HasPermissionAsync(string roleName, string permissionName)
{
return(await HasPermissionAsync(await GetRoleByNameAsync(roleName), _permissionManager.GetPermission(permissionName)));
}
protected async Task ProhibitPermissionAsync(Role role, string permissionName)
{
await RoleManager.ProhibitPermissionAsync(role, PermissionManager.GetPermission(permissionName));
(await RoleManager.HasPermissionAsync(role, PermissionManager.GetPermission(permissionName))).ShouldBe(false);
}
